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Application Ser. No. 10/600,121 
AMENDMENTS TO THE CLAIMS 

1 . (currently amended) An apparatus for proving authentication when a user 
is not present, said apparatus comprising: 

a Web service client coupled to a service provider; 
a W e b s e rvic e provider - ra <i» d 

an online wallet configured to store and selectively reiease financial 

inforniatlon of various users: 
a discovery servlfce; 
wherein: 

said Web service client, said service provider, said Web service provider, 
and said discovery service agree to work with each other; and - 

e aid W e b se rvic e provid e r Is configured in - €uol v a - way such that sa i d 
c a lling W e b s e rvice c l ient must - prove that it has perm l ss ieR4e 
r e qu e st a s e rvic e f ronrvsald Wob sorvico prov i d e r wh e n a l ive 
auth e nt i cat e d - s e ssloR - e^aid uoor w i th s aid W e b servico client is 
not present, 

an act of releasinc financial information of the given user from the online 
wallet to fund an online purchase transaction on behalf of a given 
user without a live authenticated session of ttie given user with the 
Web service client is conditioned uoon receiving proof of authoritv 
to conduct the requested purchase transaction without the live 
authenticated session. 

2. (original) The apparatus of Claim 1 , wherein said Web service client 
comprises an assertion, said assertion comprising a statement that said user has 
an authenticated session. 

3. (original) The apparatus of Claim 2, wherein said assertion is signed by an 
authority. 
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4. (original) The apparatus of Claim 3, wherein said authority is an identity 
provider of said discovery service. 

5. (original) The apparatus of Claim 2, wherein said statement comprises, 
but is not limited to. the following information: 

a system entity that made said assertion; 

a system entity making a request; 

a system entity relying on said assertion; and 

a name identifier of said user in a namespace of said system entity that 
made said assertion to said system entity relying on said assertion. 

6. (original) The apparatus of Claim 5, wherein said system entity making 
said assertion is an identity provider of said discovery service. 

7. (original) The apparatus of Claim 5, wherein said system entity making a 
request is said Web service client. 

8. (currently amended) The apparatus of Claim 5, wherein said system entity 
relying on said assertion is said online wallet. W e b s e rv i c e provid e r. 

9. (currently amended) The apparatus of Claim 5, wherein said asserting 
party is said Web sen/Ice client and said relying party is said online wallet Web 
s e rvic e provider. 

10. (currently amended) The apparatus of Claim 2, wherein said statement is 
included in an extended assertion that is given to said online wallet s e rvic e 
prov i d e r at time of authentication. 

11. (original) The apparatus of Claim 1 , further comprising; 
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means for said Web service client presenting to said discovery service a 
service assertion obtained fronn a second system entity, wherein 
said service asserlion comprises a user presence statement; and 

means for said discovery service issuing a new service assertion 

comprising a new user presence statement, said new service 
assertion and said new user presence statement associated witli 
said second system entity. 

1 2. (original) The apparatus of Claim 1 1 , wherein said second system entity is 
a second Web service client. 

13. (original) The apparatus of Claim 1 , further comprising means for said 
discovery service recording and storing user statement information. 

14. (original) The apparatus of Claim 13, wherein said recorded and stored 
user statement information is in the fonm of a table, 

1 5. (currently amended) The apparatus of Claim 1 , further comprising means 
for said W e b se rvice prov ider online wallet storing a ticket for checking said 
permission to request a sen/Ice. 

1 6. (currently amended) The apparatus of Claim 1 , further comprising means 
for testing a request to said Web service while a user is still present, wherein 
either or both said discovery service and said online wallet Wob servic e provid e r 
can perform real-time consent informational data collection from a user without 
having actually performed a particular transaction. 

17. (currently amended) A method for proving authentication when a user is 
not present, said method comprising the steps of: 

providing a Web service client coupled to a service provider; 
providing a W e b se rvic e provid e r; and 
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providing an online wallet configured to store and selectively release 

financial information of various users: 
providing a discovery service; 
wherein: 

said Web service client, said service provider, said Web service provider, 
and said discovery service agree to work with each other; and 

oa i d Web oorv i oc - providor io configurod in ouoh q woy ouoh - that oa i d 
G a l ling Wob oorvlco oliont muot prove that it hoo popmiooion to 
requ e st a s e rvic e from s aid W e b se rvic e provid e r whon a l iv e 
auth e nticat e d s e ssion of said us e r with s a id W e b oorv i co oliont io 
not pr e s e nt. 

an act of releasing financial information of the given user from the online 
wajlet to fund an online purchase transaction on behalf of a given 
user without a liye aqttienticated session of the given user with the 
Web seryicp client js 99nc|ition^c! "Pop receiving proof of authority 
to conduct the requeste cj purchase transaction without the live 
authenticated session, 

18. (original) The method of Claim 17, wherein said Web service client 
comprises an assertion, said assertion comprising a statement that said user has . 
an authenticated session. 

1 9. (original) The method of Claim 18, wherein said assertion is signed by an 
authority. 

20. (original) The method of Claim 19, wherein said authority is an identity 
provider of said discovery service. 

21 . (original) The method of Claim 18. wherein said statement comprises, but 
is not limited to, the following information: 

a system entity that made said assertion; 
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a system entity making a request; 
a system entity relying on said assertion; and 
a name identifier of said user in a namespace of said system entity that 
made said assertion to said system entity relying on said assertion. 

22. (original) The method of Claim 21, wherein said system entity making said 
assertion is an identity provider of said discovery service. 

23. (original) The method of Claim 21 , wherein said system entity making a 
request is said Web service client. 

24. (currently amended) The method of Claim 21. wherein said system entity 
relying on said assertion is said online wallet W e b s e rv i c e provid e r. 

25. (currently amended) The method of Claim 21 , wherein said asserting party . 
is said Web service client and said relying party Is said online wallet W e b s e rvice 
provid e r, 

26. (currently amended) The method of Claim 18, wherein said statement is 
included in an extended assertion that is given to said online wallet seiviee 
provid e r at time of authentication. 

27. (original) The method of Claim 17, further comprising the steps of: 
said Web service client presenting to said discovery service a service 

assertion obtained from a second system entity, wherein said 
service assertion comprises a user presence statement; and 
said discovery sen/ice issuing a new service assertion comprising a new 
user presence statement, said new service assertion and said new 
user presence statement associated with said second system 
entity. 
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28. (original) The method of Claim 27, wherein said second system entity is a 
second Web service client 

29. (original) The method of Claim 17, further comprising the step of said 
discovery service recording and storing user statement information. 

30. (previously presented) The method of Claim 29, wherein said recorded 
and stored user statement information is in the form of a table. 

31. (currently amended) The method of Claim 17, further comprising the step 
of said online wallet Web - eorv i co - providor storing a ticket for checking said 
permission to request a service. 

32. (currently amended) The method of Claim 17. further comprising the step 
of testing a request to said online wallet Web s e rvioo providor while a user is still 
present, wherein either or both said. discovery service and said online wallet Web 
s e rvio e- prov i d eF can perform real-time consent informational data collection from 
a user without having actually performed a particular transaction. 

33. (cunrently amended) A method for invoking authenticated transactions on 
behalf of a user when the user Is not present, said method comprising the steps 
of: 

a service provider, at a time when a user is present, asking the user If said 
service provider can perform a particular transaction at a later point 
in time when the user is not present, wherein if the user indicates 
yes, then said service provider sending a notification to register with 
any of. or both of: 
a trusted discovery service; and 

a user activated online wallet confidentially storing financial data of 

the user sufficient to fund the particular transaction: 
a W e b servic e prov i d e r that p e rforms s a id particular transaction; 
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Wherein while the user is still present, the user can be asked to provide 

informational content related to said particular transaction; and 
at a time when the user is not presents the service provider initiating the 

particular transaction and requesting the online wallet to release 

financial data of the user, 
for invocation, said s e rvice provid e r making a requ e st of th e W e b e e rvio e 

provldeMoH^ e rf<WTK5a j cH>art^ 

34. (currently amended) The method of Claim 33, further comprising the step 
of a discovery service checking if the user gave permission for contacting said 
online v^llet W e b se rv i G e provid e r when the user is not present, and if 
permission is granted, allowing control to go to said online wallet Web eerv i oo 
provid e r. 

35, (currently amended) The method of Claim 33, further comprising any of 
the steps of said Web service provider: 

trusting said discovery service perfomied checking for permission and 
accepting that if said discovery service indicates the user gave 
permission, then said online wallet W o b corvi ce " prov i der 
performing said particular transaction; and 

said online wallet W e b se rvic e provid e r deciding to perform checking for 
permission, and subsequently performing said particular transaction 
if said online wallet W e b se rvic e provid e r determines permission is 
granted. 

36, (original) The method of Claim 33, further comprising the step of providing 
a user capability of reviewing and modifying stored permissions, 

37. (original) The method of Claim 33, further comprising the step of providing 
robust security by having tmst kept centrally in said discovery service. 
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38. (currentiy amended) The method of Claim 33, further comprising said 
discovery service supporting a plurality of different types of online wallet Web 

39. (currently amended) An apparatus for invoking authenticated transactions 
on behalf of a user when the user is not present, said m e thod comprising: 

a computer driven service provider, configured to perfomi ooerations 

comprising, prov i d i ng^ s e rvice provider, at a time when a user is 
present, asking the user if said service provider can perfomi a 
particular transaction at a later point In time when the user is not 
present, wherein if the user indicates yes, then said service 
provider sending a notification to register with any of. or both of: 
a taisted discovery service; and 

a W e b s e rv i c e prov i d e r that p e rform s said particular tranoact i on; 

a user activated online wallet confidentially storing financial data of 
the user sufficient to fund the particular transaction: 
wherein while the user is still present, the user can be asked to provide 

informational content related to said particular transaction; and 
wherein the service provider is configured to oerfomi further operations 

comprising, at.a..tirTi^ when the us^r l> not PF^s^nt, initiating the 

particular transaction and requesting the online wallet to release 

financial data of the user. 
for invocation, m e ans for said se rvic e prov i der making a roquest of th e 

Web s e rvic e provid e r to perform said particu l ar tranoaction. 

40. (currently amended) The apparatus of Claim 39, further comprising means 
for a discovery service checking if the user gave permission for contacting said 
online wallet Web oorvico provid e r when the user is not present, and If 
permission is granted, allowing control to go to said online wallet W e b sen/ico 
providor . 
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41 . (currently amended) The apparatus of Claim 39. further comprising the 
online wallet, the online wallet being programmed to perfomi operations 
comprising: m e ans for any of sa i d W e b s e rvice provlder: 

trusting said discovery service performed checking for permission and 
accepting that if said discovery service indicates the user gave 
permission, then said online wallet W e b s e n/ico prov i der 
performing said particular transaction; and 

said online wallet W e b se rv i c e provider deciding to perform checking for 
permission, and subsequently performing said particular transaction 
if said online wallet W e b s e rv i c e prov i d e r determines permission is 
granted. 

42. (original) The apparatus of Claim 39, further comprising means for 
providing a user capability of reviewing and modifying stored permissions, 

43. (original) The apparatus of Claim 39, further comprising means for 
providing robust security by having trust kept centrally in said discovery service. 

44. (currently amended) The apparatus of Claim 39, further comprising means 
for said discovery service supporting a plurality of different types of online wallet. 
W e be e Fvic e - providers . 

45. (new) A process for establishing user authentication when the user is not 
present comprising operations of: 

at a time went the user Is engaged in a live authenticated session with an 
online service provider, the online service provider asking the user 
for permission for the online service provider to conduct at least 
one subject purchase at a later point in time when the user is no 
longer engaged In a live authenticated session with the online 
service provider; 
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responsive to an affirmative answer, the online service provider sending 
registration data to at least one of: 
a trusted discovery service; 

an online wallet responsible for providing finance infomnation to 
canry out the subject purchase; 

at a time when the user is not present, the online service provider initiating 
a purchase transaction on behalf of the user, and in response 
thereto, submitting a request to reveal finance information of the 
user to implement the purchase transaction, the request being 
submitted to the trusted discovery service; 

responsive to the request, the perfomiing at least one of the following 
operations: 

the trusted discovery service checking for presence of the 

registration to determine if the user gave prior permission for 
conducting the requested transaction with the online wallet 
when the user is not present, and if so, the trusted discovery 
service authorizing the online wallet to reveal the requested 
finance information of the user to complete the requested 
transaction; 

in the event registration lies with the online wallet, the trusted 

discovery service fonwarding the request to the online wallet 
for determination therein as to whether the user gave prior 
permission for conducting the requested transaction with the 
online wallet. 

46. (new) The process of claim 45, the operations further comprising: 

if the user gave prior permission, the online wallet revealing the requested 
finance Infomiation of the user to complete the purchase 
transaction even though the user is not engaged in a live 
authenticated session with the online service provider. 
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47. (new) The process of claim 45, the operations further comprising: 
responsive to the trusted discovery service authorizing the online wallet to 

complete the transaction, the online wallet verifying the registration 
data as a condition to revealing the requested finance information, 

48. (new) The method of claim 45, where the operation the operation of 
submitting the request to the trusted discovery service comprises: 

the online service provider making the request via client software 
representing the user. 



49. (new) The process of claim 45, the online service provider further 
comprising web sen/ices client software. . 

50. (new) The process of claim 45, the operations further comprising: 
while the user is engaged in a live authenticated session with the online 

service provider, conducting a test transaction short of actually 
completing the transaction in order to verify that the test transaction 
can be successfully carried out at a later time when the user is not 
engaged in a live authenticated session with the online service 
provider. 
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